Appguard + Shadow Defender

Discussion in 'other anti-malware software' started by jn2002dk, Jan 5, 2014.

Thread Status:
Not open for further replies.
  1. jn2002dk

    jn2002dk Registered Member

    Joined:
    Jan 3, 2014
    Posts:
    15
    Location:
    Denmark
    Hello

    If I run Appguard + Shadow Defender do I need Sandboxie?

    I'm also running

    Kaspersky Internet Security 2014
    Malwarebytes pro
    Malwarebytes anti exploit

    and someone suggested it's way overkill

    I'd prefer to keep Shadow Defender rather than Sandboxie because I like its fire and forget approach

    Any input is much appreciated:)
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    I have run DefenseWall (similar to Appguard) alongside Shadow Defender for years and have found that to be sufficient for my needs.
    I've also added Sandboxie into the mix from time to time and saw no ill effects, just didn't see the need.
    Personally I prefer Shadow Defender over Sandboxie but that's with having DefenseWall installed as a proactive defense measure.
    I also have a license for Appguard and have run Appguard, Sandboxie and Shadow Defender together in the past but not for quite some time so I'm not sure if you need to add some settings into Appguard or Sandboxie so they can coexist.
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    If you're an average Internet person, you don't need to add Sandboxie or replace Shadow Defender with it.
     
  4. jn2002dk

    jn2002dk Registered Member

    Joined:
    Jan 3, 2014
    Posts:
    15
    Location:
    Denmark
    Thank you:)

    Yes, I was thinking that I don't really need 2 virtualization programs as well and since I was told my setup is overkill I'm thinking of going with

    Kaspersky Internet Security 2014
    Malwarebytes Anti Exploit
    Shadow Defender and I'll only be browsing in shadow mode
    Appguard set to lockdown unless I'm installing something

    and then I'll disable the real time protection of Malwarebytes pro since I probably don't need that with KIS2014 running though I'll keep it installed just for scans

    Does Sandboxie add another layer of defense on top of Shadow Defender or is it pointless?
     
  5. jn2002dk

    jn2002dk Registered Member

    Joined:
    Jan 3, 2014
    Posts:
    15
    Location:
    Denmark
    I'm probably not an average internet person;)

    By that I mean that I frequent sites which would likely be considered sketchy which is why I have this borderline paranoid setup

    But I'm really not sure if there is a point to running Sandboxie and Shadow Defender together and Google didn't give me any conclusive answers

    Also, I'm not really experienced with setting up Sandboxie and it has caused me some annoyances over the years so if there is no point in using it I might as well stop

    Thanks for your reply:)
     
  6. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Several thoughts.

    If you have KIS 2014, running other anti-viruses or anti-exploit programs is moot, because KIS has Trusted Applications Mode, which is much more effective than any other detection measure like MBAM for example. I bet you don't even know about the existence of Trusted Applications Mode, do you? It also comes with its own exploit protection, that has at least undergone some sort of scrutiny. It's not even new but has been a part of KIS and KAV since version 2013. I hardly doubt the benefit of MBAE in this case.

    Regarding Shadow Defender. You said you are only browsing in Shadow Mode. How do you mean that exactly? Are you always in Shadow Mode or do you enter Shadow Mode when you open the browser and reboot if you want to do something else? With AppGuard and Sandboxie in place, properly set-up and understood, I wouldn't use Shadow Defender for every-day as well, but rather as an on-demand tool.

    Your setup reminds me of that scene from Hot Shots Part Deux, where Topper Harley gets suited up for combat. He straps so much gear that he simply collapses.

    From a clinical point of view, running all these programs together at the same time gives you no benefit in terms of security, it rather increases your attack surface. Further it slows down your system and makes it unstable.
     
  7. jn2002dk

    jn2002dk Registered Member

    Joined:
    Jan 3, 2014
    Posts:
    15
    Location:
    Denmark
    There is no need to be condescending. It's not constructive and if you're incapable of replying in a reasonable manner I'd rather you not reply at all. In fact you were bordering on being condescending yesterday in another thread so I fail to see why you'd go the extra mile to be just that again in this thread

    I do know about the application control in KIS2014 but that wasn't my question at all. You've already made your thoughts on Sandboxie clear in another thread yesterday but I find it annoying and not exactly free of bugs so I'd rather avoid using it

    I'm simply asking if I'm correct in assuming that it's pointless to run Sandboxie and Shadow Defender together and yes, I run in shadow mode all the time

    At any rate, thank you for the constructive part of your reply
     
  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    I am sorry if a part of my reply was condescending.
     
  9. jn2002dk

    jn2002dk Registered Member

    Joined:
    Jan 3, 2014
    Posts:
    15
    Location:
    Denmark
    No harm done and I'm sorry if I misunderstood you


    As per your advice I've decided to keep on using NoScript. I've also disabled the real time scanning in Malwarebytes pro so it doesn't overlap or conflict with KIS 2014 but I'm curious to hear what you would do knowing what software I have?

    The reason I'm using Appguard is 1. I can simply right click and enter full lockdown mode and 2. Doing the initial trusted applications scan is estimated by KIS to take 11 hours which seems excessive. However if application control is better than Appguard I could suffer through that but Google searches came up inconclusive

    Malwarebytes anti exploit was just a spur of the moment kind of thing and I've removed it
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Sandboxie does on a per-application basis what AppGuard and Shadow Defender together are already doing on a system-wide basis, so there is obviously overlap. That said, the overlap in features is only partial.

    Sandboxie has some additional policy restriction features, and operates with a finer level of granularity than is possible with AppGuard, that enables sandboxed applications to be more tightly contained and restricted than is possible with just AppGuard and Shadow Defender alone.

    To answer the question, it isn't necessary to run Sandboxie as well as AppGuard and Shadow Defender, but it isn't completely redundant either. All three run well together, so it's a question of user preference.
     
    Last edited: Jan 5, 2014
  11. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    With AppGuard active Trusted Applications Mode is not necessary, of course. AppGuard alone, even more so at Locked Down, is already so powerful that you can start asking yourself if anything else is necessary and if so, what that might be.

    Anti-Virus? People use AppGuard to stop what traditional Anti-Virus misses, but then again it stops all the stuff the Anti-Virus would have caught just as well. Further Anti-Viruses come with many unnecessary features, which seem even more unnecessary in the presence of AppGuard.

    Virtualization comes to mind, because AppGuard doesn't cover that. Of course it shouldn't be necessary, if AppGuard is working as intended, but it is at least a measure worth discussing. Programs like Sandboxie can even further restrict the way in which applications under its supervision operate and implies more measures than just virtualization, so that's something you can think about. But it depends a lot on how you configure it. Unlike Sandboxie, Shadow Defender cannot stop an attack, it can clean your system on a reboot.

    Browser security measures. Scripting and plugin control are very powerful features, because most browser related attacks rely on scripts and vulnerable plugins. If they are not set to autoplay, many attacks cannot even be started in the first place. Of course it is legitimate to wonder why you should put yourself through the pain of scripting and plugin control, if you already have something like AppGuard in place.
     
  12. jn2002dk

    jn2002dk Registered Member

    Joined:
    Jan 3, 2014
    Posts:
    15
    Location:
    Denmark
    So in your opinion Sandboxie with restrictive rights would offer an additional layer that would justify any increased attack surface?

    Yes, I think scripting and plugin control has become part of my browsing routine and has been for years so I might as well keep it and maybe be slightly more relaxed with whitelisting to remove some of the pain from it

    As for trusted applications and Appguard, is there any potential harm in having both? If so which would you consider stronger?

    Thank you guys for all your input, it is very much appreciated:)
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Whether or not Sandboxie would increase the attack surface is highly speculative and beyond my technical knowledge of the product to answer. For the attack surface to increase, there would need to be vulnerabilities in the way Sandboxie has been coded that could be exploited.

    Even if Sandboxie were unable to contain a specific malware, this wouldn't represent an overall increase in the attack surface unless it could be demonstrated that the malware would have failed had Sandboxie not been used. I don't know of any evidence which suggests that Sandboxie does increase the attack surface.

    In any case, even if Sandboxie did increase the attack surface, there would still need to be a risk assessment, offsetting that possibility against the additional protection that Sandboxie might provide in certain use cases. Only you can judge whether Sandboxie might provide some additional benefit in your case.
     
    Last edited: Jan 5, 2014